The e-mail went out to several hundred season ticket holders, and contained names, addresses, phone numbers, fax numbers and e-mail addresses, along with the fans' seat numbers and Yankees account numbers.

The message was recalled by the sales representative within minutes, one recipient said. But by then it was too late.

The spreadsheet didn't have sensitive data such as Social Security numbers or credit card data, the Yankees said Wednesday in a press release, adding, "immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again."

On its own, the type of information is not considered to be particularly sensitive. But security experts worry that big e-mail lists like this could be used as a stepping stone by phishers to create targeted attacks that then trick victims into disclosing more valuable information or installing malicious software.

Hackers have repeatedly gone after this information in the past. In recent weeks both Epsilon and software vendor Ashampoo acknowledged that they'd been hacked and e-mail addresses and customer names were stolen. In Ashampoo's case, the company's customers were then sent fake order confirmation e-mails that looked like they came from PurelyGadgets, a U.K.-based online retailer. These files contained maliciously encoded pdf documents that could install malicious software on the victim's computer if opened, according to Ashampoo.

Because it includes the addresses of thousands of season ticket holders, the spreadsheet could also give thieves a pretty reliable list of people to burglarize during Yankees games.

On the NYYFans.com discussion forum, fans were split -- some calling for the sales rep's job, others for forgiveness. "It's a big mistake, but it's still a mistake," wrote one poster, named TheYankee. "To call for a man's job over this seems heartless."